[c-nsp] can someone from Cisco enlighten Steve and the rest of us?
On Mon, 2009-09-21 at 00:26 -0400, Steve Fischer wrote: This would be more acceptable (at least to me), were this an issue with a 3560 switch, or a 2800 series router, but this was 2 core switches of their flagship product, the 6500. Enterprise data centers throughout the US. Like the one at my organization, rely heavily on this product, and it should be supported as such. I understand the problem, but given the criticality of these devices as they relate to the core infrastructure of so many organizations, transferring the call to India is not an acceptable way of dealing with it. Steve, I agree completely. I see some of the C-NSP posters don't even deal with TAC other than by email. It is a shame when a company asks the price they do for not only the hardware and software of the device, but the paid support should be useful and effective. I think it might be time that Cisco reexamine their outsourcing of support for mission critical hardware. I have spoken to some very bright people not only at Cisco, but Watchguard and a few other vendors whose support is India based. These are smart men and women, we just need to be able to understand what is being said on the other end of the phone, which is often complicated by the fact that I am on speakerphone. Cisco should be made aware of this in every way possible as long as it is constructive for the community. I applaud your patience and fortitude and I also know I would probably have not handled the situation as coolly as you did. Sorry you had to deal with this. Hopefully, as a result of your experience Cisco will work to improve how these network down emergencies are handled. Sincerely, Richard ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten me on this?
Hank Nussbacher wrote: At 22:54 20/09/2009 -0400, Jeff Kell wrote: Front-line TAC has gotten incomprehensibly bad. The most recent case came back with info request (this is a direct quote): To help isolate the issue, *please answer the following questions * **1. When did you noticed this issue? 2. Did you perform any IOS upgrade recently? 3. If yes, when did you upgraded it and is the problem started occurring after that ? 4. Are we facing the same issue with all the ports ? 5. Are the devices connected to these ports are running fine ? And this seems strange to you, why? :-) We dropped TAC last year and haven't looked back. Next we drop Cisco. Drop Cisco for who? I have been under the impression they're all the same. Likewise, I don't pay for super-TAC support either. I've found that between docs and this list one get better support than TAC can offer (software bugs that need fixing aside). ~Seth ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco Security Advisory: TCP State Manipulation Denial ofService Vulnerabilities in Multiple Cisco Products
Hi, On Fri, Sep 18, 2009 at 08:52:32PM -0700, Kevin Graham wrote: Sorry, the thought of being able to plan forward-looking purchases and technology migrations this beautifully makes me tingly... _These_ would be the moves of a dominant market leader with a rich innovative history. Full ACK... gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpBTgd3X9D8B.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Need help troubleshooting CRC errors
I've seen similar situations where a shaping fine tuning in the carrier equipment's settings solved the CRC errors. All the ATM VP/VC related equipment in the circuit should be shaped properly, depending on what type of service you get, CBR, VBR, etc. Either too high or too low values could cause cells drops thus rising the CRC errors. A 20% overhead needs to be taken in count for ATM to non-ATM conversions in the circuit HTH Ziv -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Gert Doering Sent: Saturday, September 19, 2009 7:26 PM To: Steven Pfister Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Need help troubleshooting CRC errors Hi, On Thu, Sep 17, 2009 at 10:39:21AM -0400, Steven Pfister wrote: that pretty much every one of them is showing what I think is a rather high receive error count on the 3640 end of the OC3 connection, and it all seems to be CRC errors. Not much of any errors are showing up on the 8510 end of the OC3 connection. For example, one site yesterday late afternoon showed 63, 763 receive errors for the day. Several others were in the 20Ks. I'm not really certain what the cause might be, or where to start. Can anyone help? Is there a carrier network in between? In our cases, whenever we saw ATM CRC errors, it was due to dropped cells in the carrier network (overloaded). If the receiving router cannot reassemble a packet due to missing cells - CRC error. If the STM-1 is direct, no carrier ATM gear in between (just SDH/SONET) gear, it be a bad line. In that case it won't be cell drops. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals computer viruses. This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals computer viruses. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] fake-workaround ... Re: Enhanced download procedure
That will be called the D-Day ?? :-) -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jared Mauch Sent: Friday, September 18, 2009 10:15 PM To: david raistrick Cc: cisco-nsp@puck.nether.net Subject: [c-nsp] fake-workaround ... Re: Enhanced download procedure So when you get to the following page where it says If your download does not start click here, you can view source with your web browser, and look for the following important components: eg: fileName:s72033-advipservicesk9-mz.122-33.SXI2a.bin filePath:/swc/esd/03/crypto/3DES/281569550/contract ftpServerName:download-sj.cisco.com If you go ahead and combine these into: http://download-sj.cisco.com/swc/esd/03/crypto/3DES/281569550/contract/s72033-advipservicesk9-mz.122-33.SXI2a.bin you can use LYNX (if it has SSL support) still to do the siteminder cookie fu and fetch your image. Why they won't just expose these links directly is foolish and a problem. I do suggest we have a download-day where everyone opens a tac case at the same time to get the direct link to images. - Jared ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals computer viruses. This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals computer viruses. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Router logs going to dmesg
Hello, somewhere at the start of syslog.conf you will see something like: *.err /dev/sysmsg *err;kern.debug/var/adm/messages *.alert;kern.err operator etc. change it to something like: *.err;local0.none /dev/sysmsg *err;kern.debug;local0.none /var/adm/messages etc. and then pkill -1 syslogd Regards, John On Mon, 21 Sep 2009, Andy Saykao wrote: Hi All, I'm trying to send cisco logs to a syslog server running Solaris 9. It's logging fine except that I'm seeing some logs showing up in dmesg. Example of a dmesg outout: Sep 21 13:44:16 [172.16.9.18.224.173] 3297: Sep 21 13:44:15.981 AEST: %LINK-3-UPDOWN: Interface GigabitEthernet0/45, changed state to down Sep 21 13:44:21 [172.16.9.18.224.173] 3298: Sep 21 13:44:20.956 AEST: %LINK-3-UPDOWN: Interface GigabitEthernet0/45, changed state to up Sep 21 13:48:38 agr1-cr-loopback-0.x.x.x 315047: Sep 21 13:48:37.756 AEST: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 83.143.128.1 I've tried changing the facility to local0.info on the cisco devices but still the same thing is happening. Is there a particular facility I should be using so the logs don't appear in dmesg??? This was the only thing I could find on goggle about my problem but no real solution. http://www.velocityreviews.com/forums/t34315-which-facility-is-best-for- logging-to-linux-syslog.html This is my /etc/syslog.conf file. # Log cisco routers local0.info /var/log/cisco.log And my config on the routers. logging facility local0 logging source-interface Loopback0 logging 210.15.210.x Thanks. Andy This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the organisation. Finally, the recipient should check this email and any attachments for the presence of viruses. The organisation accepts no liability for any damage caused by any virus transmitted by this email. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco IPSec/VPN + DNS - Issue
Just an update on this for the archives: Turned out to be one of the DNS servers specified in the information pushed by the IPSec/VPN server was not configured to provide recursive look-ups for the address space assigned to users when they connect to the VPN. Figured it out when moving the DNS server IP addresses around with the SSL/VPN as well. I suppose what threw me off is the fact that Cisco seem to have scenarios where the VPN works, but DNS doesn't. Our Systems Administrators will be fixing the recursive ACL's. Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten me on this?
On Monday 21 September 2009 12:58:05 pm Justin M. Streiner wrote: I've run into this in the past with different vendors, even on occasions when the most frequently needed information (show tech, request tech-support, etc...) is attached to the support case before it gets assigned to an engineer. A response like the one that was previously posted indicates that the engineer who handled the case failed to look at those attachments, wasting time and effort on both sides. Same here; and we've seen this both for Cisco and other vendors. We spend the time to post the usual details support engineers would need when we first submit the case, i.e.: o software version o platform type/model o status before issue o status during issue o mitigating actions taken to resolve issue o current status o any changes that could be impacting o how badly the network is affected o what the impact may mean for business o e.t.c. ... and then we get back a list of questions asking us the very things we've submitted. Many times, I've sent back an e-mail to the support engineers asking them to read my submission and then come back to me - and it works, although I'd rather not waste time doing that. Given how difficult dealing with TAC(s) can be via e-mail, we've never engaged them on phone, unless when they call us to run labs, fortunately or otherwise. It could be a lot better... Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten me on this?
hi, the webex option is worrying when you have a core failure (and therefore network is unknown useable status) I think a large swathe of support is going the webex route where they get you to log in and then they poke around your system using predetermined flow chart of things to check (i've been on the end of 2 of these recently - the end result being ' yes, it is configured as you say and tech-support shows, and yes we do see the same error message as you :-| ) but regarding the phone call - its not quite 'native English-speaking' that you are after per-se what the issue is is regional accents - strong accents and pronunciation can make for very difficult and strained conversations.. believe me - we have 'native English speakers' all over the UK who can be very difficult to fathom - many times I have been chatting to support staff in Scotland, Nthn Ireland etc and i just cant make out certain words/phrases so have to 'replay' the words i did make out to make out what they've said - and Tyneside and Merseyside accents can be just as bad ;-) unfortunately, with 'worldwide' companies and support this situation will become more common salaries in the 'up and coming' economic zones are $$cheap$$ and working rules/protection very weak... out of hours working is not eg double time or time off in lieu. and VOIP technology lets this play out cheaply too. They can probably train up and hire 4 or 5 Eastern engineers for the price of a Euro or US engineer on the phone (an Engineer limited to ~39hours /week and well paid overtime/out of hours coverage etc) anyway, technically - you booted your 6500's into a new IOS...they actually came up, switched/routed for some time and THEN dropped back to ROMMON mode? alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten meon this?
on the other hand, I open all of my cases with all relevant information and as explanatory comments as possible. *AND* I immediately call the dispatcher and ask for the case be requeued to Brussels. Simple, effective. I've yet to see an engineer from bru ignoring the information that's pre-attached. And in bru, even the first-line engs are reasonable enough to call in their escallation as soon as they get into the picture and see if they can help with the issue themselves. (btw - asking for requeue to bru is what everybody reasonable at Cisco recommends to do - of course for europe...) -- deejay -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp- boun...@puck.nether.net] On Behalf Of Mark Tinka Sent: Monday, September 21, 2009 9:40 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten meon this? On Monday 21 September 2009 12:58:05 pm Justin M. Streiner wrote: I've run into this in the past with different vendors, even on occasions when the most frequently needed information (show tech, request tech-support, etc...) is attached to the support case before it gets assigned to an engineer. A response like the one that was previously posted indicates that the engineer who handled the case failed to look at those attachments, wasting time and effort on both sides. Same here; and we've seen this both for Cisco and other vendors. We spend the time to post the usual details support engineers would need when we first submit the case, i.e.: o software version o platform type/model o status before issue o status during issue o mitigating actions taken to resolve issue o current status o any changes that could be impacting o how badly the network is affected o what the impact may mean for business o e.t.c. ... and then we get back a list of questions asking us the very things we've submitted. Many times, I've sent back an e-mail to the support engineers asking them to read my submission and then come back to me - and it works, although I'd rather not waste time doing that. Given how difficult dealing with TAC(s) can be via e-mail, we've never engaged them on phone, unless when they call us to run labs, fortunately or otherwise. It could be a lot better... Cheers, Mark. __ Informacia od ESET NOD32 Antivirus, verzia databazy 4437 (20090918) __ Tuto spravu preveril ESET NOD32 Antivirus. http://www.eset.sk __ Informacia od ESET NOD32 Antivirus, verzia databazy 4437 (20090918) __ Tuto spravu preveril ESET NOD32 Antivirus. http://www.eset.sk ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten me on this?
There is always a Duty Manager available to escalate faults. They are non technical but there job is get you the support you need in critical situations. In the 10 years I have been dealing daily with the TAC I have spoken to them may 5 times and each time they have done the business. Regards Kevin On Mon, Sep 21, 2009 at 9:24 AM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote: hi, the webex option is worrying when you have a core failure (and therefore network is unknown useable status) I think a large swathe of support is going the webex route where they get you to log in and then they poke around your system using predetermined flow chart of things to check (i've been on the end of 2 of these recently - the end result being ' yes, it is configured as you say and tech-support shows, and yes we do see the same error message as you :-| ) but regarding the phone call - its not quite 'native English-speaking' that you are after per-se what the issue is is regional accents - strong accents and pronunciation can make for very difficult and strained conversations.. believe me - we have 'native English speakers' all over the UK who can be very difficult to fathom - many times I have been chatting to support staff in Scotland, Nthn Ireland etc and i just cant make out certain words/phrases so have to 'replay' the words i did make out to make out what they've said - and Tyneside and Merseyside accents can be just as bad ;-) unfortunately, with 'worldwide' companies and support this situation will become more common salaries in the 'up and coming' economic zones are $$cheap$$ and working rules/protection very weak... out of hours working is not eg double time or time off in lieu. and VOIP technology lets this play out cheaply too. They can probably train up and hire 4 or 5 Eastern engineers for the price of a Euro or US engineer on the phone (an Engineer limited to ~39hours /week and well paid overtime/out of hours coverage etc) anyway, technically - you booted your 6500's into a new IOS...they actually came up, switched/routed for some time and THEN dropped back to ROMMON mode? alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] IOS for 7206VXR, SRD2a or SRC4?
Hi all, Any recommendation of an IOS for a 7206VXR? I was using the features navigator and I saw that SRD2a and SRC4 are mostly the same so, what are the differences between both of them? Thanks in advance. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IOS for 7206VXR, SRD2a or SRC4?
Hi, On Mon, Sep 21, 2009 at 12:01:08PM +0200, luismi wrote: Any recommendation of an IOS for a 7206VXR? What exactly are you planning to use the box for? I was using the features navigator and I saw that SRD2a and SRC4 are mostly the same so, what are the differences between both of them? We're using 12.3 and 12.4 mainline with good success for basic IPv4, IPv6, L2TP termination stuff. So it really depends on what is the box supposed to do. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpDD31rY8L8f.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IOS for 7206VXR, SRD2a or SRC4?
yes, I know we are going to use... EIGRP, BGP, ACL, PBR, reflexive ACLs, HSRP, GRE tunnels, multicast, VRFs, EEM, SLA, SNMP, Netflow... I would like to go also for BFD, OSPF and/or MP-BGP in the future. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IOS for 7206VXR, SRD2a or SRC4?
12.4(15)T10 Its the third or fourth bug-fix only release in the 12.4(15)T line of code... You have a lot of features you want to enable... I would try this one first.. From: luismi asturlui...@gmail.com To: Gert Doering g...@greenie.muc.de Cc: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net Sent: Monday, September 21, 2009 5:25:43 AM Subject: Re: [c-nsp] IOS for 7206VXR, SRD2a or SRC4? yes, I know we are going to use... EIGRP, BGP, ACL, PBR, reflexive ACLs, HSRP, GRE tunnels, multicast, VRFs, EEM, SLA, SNMP, Netflow... I would like to go also for BFD, OSPF and/or MP-BGP in the future. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IOS for 7206VXR, SRD2a or SRC4?
I using this software: #sh ver | i IOS IOS (tm) 7200 Software (C7200-JK9O3S-M), Version 12.3(15b), RELEASE SOFTWARE (fc1) 2009/9/21 Derick Winkworth dwinkwo...@att.net 12.4(15)T10 Its the third or fourth bug-fix only release in the 12.4(15)T line of code... You have a lot of features you want to enable... I would try this one first.. From: luismi asturlui...@gmail.com To: Gert Doering g...@greenie.muc.de Cc: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net Sent: Monday, September 21, 2009 5:25:43 AM Subject: Re: [c-nsp] IOS for 7206VXR, SRD2a or SRC4? yes, I know we are going to use... EIGRP, BGP, ACL, PBR, reflexive ACLs, HSRP, GRE tunnels, multicast, VRFs, EEM, SLA, SNMP, Netflow... I would like to go also for BFD, OSPF and/or MP-BGP in the future. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- With best regards, Andrey 'sshd' Petrenko xmmp: sshd at jabber.org gtalk: andy.petrenko at gmail.com skype: andy.petrenko web: http://sshd.by ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Need help troubleshooting CRC errors
The 3640 has a ATM 1A-OC3MM. The 1500 MTU is hard coded in the config. These sites were all set up before I started here 2 years ago. We're gradually replacing the ATM at the older sites with CSME. thanks! Steve Pfister Technical Coordinator, The Office of Information Technology Dayton Public Schools 115 S. Ludlow St. Dayton, OH 45402 Office (937) 542-3149 Cell (937) 673-6779 Direct Connect: 137*131747*8 Email spfis...@dps.k12.oh.us Antonio Soares amsoa...@netcabo.pt 9/18/2009 7:08 PM This document might help you: Understanding Maximum Transmission Unit (MTU) on ATM Interfaces http://www.cisco.com/en/US/tech/tk39/tk371/technologies_tech_note09186a00800c8279.shtml This is what it says about Length Violations: A router increments the AAL5 length violation counter when the calculated size of a reassembled packet fails to match the received value of the AAL5 length field regardless of the MTU. To understand how these violations can occur, you need to understand how a receiving ATM interface recognizes the last cell of a frame. What ATM NM do you have in the 3640 ? Did you change the default MTU from 4470 to 1500 ? Regards, Antonio Soares, CCIE #18473 (RS) amsoa...@netcabo.pt -Original Message- From: Steven Pfister [mailto:spfis...@dps.k12.oh.us] Sent: sexta-feira, 18 de Setembro de 2009 19:09 To: Antonio Soares; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] Need help troubleshooting CRC errors Thanks for the link... I have a little more detail about the problem now: 'show atm pvc x/y' shows: CrcErrors: 69402, SarTimeOuts: 2, OverSizedSDUs: 0, LengthViolation: 69294, CPIErrors: 0 Also, the router side shows, on 'show int': MTU 1500 bytes, sub MTU 1500, BW 155000 Kbit, DLY 80 usec, router side, on 'show atm int atm': Max. Datagram Size: 1558 8510 switch side, on 'show int': MTU 4470 bytes, sub MTU 4470, BW 155520 Kbit, DLY 0 usec, Would this be a problem? Steve Pfister Technical Coordinator, The Office of Information Technology Dayton Public Schools 115 S. Ludlow St. Dayton, OH 45402 Office (937) 542-3149 Cell (937) 673-6779 Direct Connect: 137*131747*8 Email spfis...@dps.k12.oh.us Antonio Soares amsoa...@netcabo.pt 9/17/2009 11:45 AM Try this document: CRC Troubleshooting Guide for ATM Interfaces http://www.cisco.com/en/US/tech/tk39/tk48/technologies_tech_note09186a00800c93ef.shtml Regards, Antonio Soares, CCIE #18473 (RS) amsoa...@netcabo.pt -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Steven Pfister Sent: quinta-feira, 17 de Setembro de 2009 15:39 To: cisco-nsp@puck.nether.net Subject: [c-nsp] Need help troubleshooting CRC errors Some of our older remote sites are connected via ATM. Two or three T1s come into an Cisco 8510, and from there a 155mbps OC3 connection over fiber to a 3640 router. Lately, I've been noticing that pretty much every one of them is showing what I think is a rather high receive error count on the 3640 end of the OC3 connection, and it all seems to be CRC errors. Not much of any errors are showing up on the 8510 end of the OC3 connection. For example, one site yesterday late afternoon showed 63, 763 receive errors for the day. Several others were in the 20Ks. I'm not really certain what the cause might be, or where to start. Can anyone help? Thanks! Steve Pfister Technical Coordinator, The Office of Information Technology Dayton Public Schools 115 S. Ludlow St. Dayton, OH 45402 Office (937) 542-3149 Cell (937) 673-6779 Direct Connect: 137*131747*8 Email spfis...@dps.k12.oh.us ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten me on this?
as an aside, the TAC engineer (Indian engineer #4) stuck with it, and has found the bug that was causing the meltdown. Credit certainly needs to be given for that. On Mon, Sep 21, 2009 at 4:24 AM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote: hi, the webex option is worrying when you have a core failure (and therefore network is unknown useable status) I think a large swathe of support is going the webex route where they get you to log in and then they poke around your system using predetermined flow chart of things to check (i've been on the end of 2 of these recently - the end result being ' yes, it is configured as you say and tech-support shows, and yes we do see the same error message as you :-| ) but regarding the phone call - its not quite 'native English-speaking' that you are after per-se what the issue is is regional accents - strong accents and pronunciation can make for very difficult and strained conversations.. believe me - we have 'native English speakers' all over the UK who can be very difficult to fathom - many times I have been chatting to support staff in Scotland, Nthn Ireland etc and i just cant make out certain words/phrases so have to 'replay' the words i did make out to make out what they've said - and Tyneside and Merseyside accents can be just as bad ;-) unfortunately, with 'worldwide' companies and support this situation will become more common salaries in the 'up and coming' economic zones are $$cheap$$ and working rules/protection very weak... out of hours working is not eg double time or time off in lieu. and VOIP technology lets this play out cheaply too. They can probably train up and hire 4 or 5 Eastern engineers for the price of a Euro or US engineer on the phone (an Engineer limited to ~39hours /week and well paid overtime/out of hours coverage etc) anyway, technically - you booted your 6500's into a new IOS...they actually came up, switched/routed for some time and THEN dropped back to ROMMON mode? alan -- To him who is able to keep you from falling and to present you before his glorious presence without fault and with great joy ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IOS for 7206VXR, SRD2a or SRC4?
I didn't tell you, it is a NPE-G2 El lun, 21-09-2009 a las 05:32 -0700, Derick Winkworth escribió: 12.4(15)T10 Its the third or fourth bug-fix only release in the 12.4(15)T line of code... You have a lot of features you want to enable... I would try this one first.. __ From: luismi asturlui...@gmail.com To: Gert Doering g...@greenie.muc.de Cc: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net Sent: Monday, September 21, 2009 5:25:43 AM Subject: Re: [c-nsp] IOS for 7206VXR, SRD2a or SRC4? yes, I know we are going to use... EIGRP, BGP, ACL, PBR, reflexive ACLs, HSRP, GRE tunnels, multicast, VRFs, EEM, SLA, SNMP, Netflow... I would like to go also for BFD, OSPF and/or MP-BGP in the future. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten me onthis?
THE BEST way to work with TAC and possibly anticipate failure in your case is (assuming you don't have backup 6500 to load the intended image in lab) : 1. Open up the TAC case 3 - 4 hrs before upgrading through the web (open w/ P2) 2. Provide all necessary information through web (these information will go through system before reaching the correct guy) 3. If an engineer has been assigned, call him up and tell him about your upgrade plan. (In this time, you can ensure yourself there's not any communication issue) If you're not happy with the assigned engineer, call duty manager to get native speaker. 4. Only after you've found TAC engineer you're comfortable (tech language) with, get him to understand your plan (details), and get him remote access to console your 6500. Don't forget to get his desk number as well. If everything is settled, ask him to wait when the maintenance window comes and leave the case as P2. 5. You upgrade 6500 during the window, when problems come. Call up the engineer, tell your problem and if necessary ask him to console in to your core switch.(Or ask him right away) I'm sure you'll get appropriate TAC help within minutes. Asa Powered by Telkomsel BlackBerry® -Original Message- From: Steve Fischer sfischer1...@gmail.com Date: Sun, 20 Sep 2009 17:41:08 To: cisco-nsp@puck.nether.net Subject: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten me on this? Last Thursday evening, at around midnight, in the course of my organizations network maintenance, we had not one but two of our core 6500 switches go into ROMMON (after being rebooted with new code, and being operational for approximately 45 minutes)at the same time and for no apparent reason. Attempts to reboot the devices were in vain, and attempts to roll-back also appeared to be in vain, so I called the Cisco TAC and opened a P1 case. Immediately, the call was routed over to India. I was in a loud data center, and the engineers accent was very thick, to the point I could not hear him over the background noise, much less understand him. Other than asking for a webex session - made impossible by the fact that the network core is down, he offers nothing in the way of assistance. I asked to have the case transferred to a native-English speaking engineer. Call transferred to Indian engineer #2, and the communications issues persist. I have two core switches down, and am becoming more than a little concerned. Same result - engineer really offers nothing in the way of assistance, and I again, request the call to be transferred to a native-English speaking engineer. Enter Indian engineer #3. Now let me state here for the record that I am in no way questioning the competence of the three gentlemen I spoke to, nor do I have any xenophobic tendencies, but I would like to make a few points here: 1. If I cannot understand the support engineer, it will be difficult for him to assist me, regardless of his skill level. 2. Having a native-English speaking engineer available would have been at this time very disarming, and calming in the midst of for what was for me a crisis. In the medical field, they call it bed-side manner, which would have been of immense value given the crisis I was facing. 3. My organization spends well over $100K annually in Cisco maintenance. Case transferred to Indian engineer #4. Now, while this was occurring, I called Cisco's TAC and asked the case be re-queued to an engineer in North America. I was told that there were no support engineers on duty in North America. Now, I'm getting upset, and more than just a little. Also, in the meantime, it was suggested that I remove one of the CompactFlash cards from one of the 6500's that was still working (we have 4 total), and try to boot from the IOS image on it. Upon ejecting the Flash card, that 6500 too, went immediately into ROMMON. So, now, we have 3 of 4 core switches down. The entire data center is down, and are one step away from the phone system going down as well - which indeed did happen. As we now have all four cores down, the options of rebooting them with the old code. One by one, through all four cores, they are rolled back, and finally the network comes up. Let me say the fourth engineer suggested this, by prior to that, I had concluded this was going to be the best course of action. Now, back up two weeks. I had a Cisco Works issue at around 3:00PM EST, and open a case for it. The call is transferred to.wait for it.India. So, it doesn't appear that the time of an issue completely influences to what Cisco support center a call is routed. As a matter of fact, the support engineer for that particular call informed me it was 2:00AM where he was. This leads me to several questions that perhaps someone from Cisco monitoring this forum could answer. 1. Given the stature of the 6500 platform within Cisco's product line, and given the
Re: [c-nsp] IOS for 7206VXR, SRD2a or SRC4?
On Monday 21 September 2009 06:01:08 pm luismi wrote: Any recommendation of an IOS for a 7206VXR? I was using the features navigator and I saw that SRD2a and SRC4 are mostly the same so, what are the differences between both of them? Would suggest SRC4, although SRC5 will be out end of October. Also, SRD3 is already out, but would not recommend it without going through this link first to make sure you need it for this platform: http://www.cisco.com/en/US/docs/ios/12_2sr/release/notes/122SRrn.html SRC4 contains mostly bug fixes since SRC3. No new features. SRC has been out longer than SRD, and from the little I can infer so far, the 7600 may stand to benefit the most from SRD, than the 7200. Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IOS for 7206VXR, SRD2a or SRC4?
On Monday 21 September 2009 08:32:14 pm Derick Winkworth wrote: 12.4(15)T10 Its the third or fourth bug-fix only release in the 12.4(15)T line of code... You have a lot of features you want to enable... I would try this one first.. Before we started out with SRC, we evaluated a single code base that we could run on both our NPE-G1's and below, as well as the NPE-G2's and 7201's. Needless to say, as do most folk, we tried to stay away from the T train, despite the fact that aside from SRC, 12.4T and 12.4XD were the only other trains that supported the NPE-G2 and 7201 platforms. Moreover, we wanted BFD, and it seemed that only SRC (and now, SRD too) provided support for this across all interface types, including WAN's, i.e., Frame Relay, POS, Serial, ATM, e.t.c. Our decision was clear after that. SRC has quite a comprehensive feature set, and because we can run it across the NPE-400, NPE-G1, NPE-G2 and 7201, it made for a great choice with us. Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten me on this?
On Monday 21 September 2009 09:31:48 pm Steven Fischer wrote: as an aside, the TAC engineer (Indian engineer #4) stuck with it, and has found the bug that was causing the meltdown. Credit certainly needs to be given for that. Good stuff. Grateful if you could kindly share any technical experiences about this issue, in case any of us go through the same with our 6500 platforms. Thanks. Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IOS for 7206VXR, SRD2a or SRC4?
On Monday 21 September 2009 09:32:59 pm luismi wrote: I didn't tell you, it is a NPE-G2 Then your only options are: 12.4T, 12.4XD, SRC and SRD. As mentioned before, SRC would be my recommendation. We've been happy with it. I was going to warn you about staying away from BFD on the NPE-G1 and below, until SRC5. But since your platform is the NPE-G2, then you're in the clear re: the evil BFD-related crash (which only affects the NPE-G1). Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten me on this?
the specific bug that caused my issue is *CSCta02715* Now, I find it scary that a command element related to logging could take down an array of 6500's. Furthermore, we had been running the SXH5 code with the logging count command element enabled on two of the four core switches for 30 days (the code had actually been running for three months+) logging count is a way to quickly check log messages on a switch/router, and provides simple output that can be used to identify recurring and troubling issues. see: http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_logging_count.html On Mon, Sep 21, 2009 at 10:00 AM, Mark Tinka mti...@globaltransit.netwrote: On Monday 21 September 2009 09:31:48 pm Steven Fischer wrote: as an aside, the TAC engineer (Indian engineer #4) stuck with it, and has found the bug that was causing the meltdown. Credit certainly needs to be given for that. Good stuff. Grateful if you could kindly share any technical experiences about this issue, in case any of us go through the same with our 6500 platforms. Thanks. Cheers, Mark. -- To him who is able to keep you from falling and to present you before his glorious presence without fault and with great joy ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten meon this?
Daniska, Tomas wrote: (btw - asking for requeue to bru is what everybody reasonable at Cisco recommends to do - of course for europe...) Does anyone know what the equivalent would be in the states? I try my best to open cases first thing in the morning (CST) when I'm likely to get someone in the states. That said I've still had my share of communication problems to overcome. I had actually had to requeue cases twice because of communication issues. I hated to do it but I needed help and I needed it right then. I couldn't spend 3 or 4 times as much time trying to overcome that hurdle. I had a case routed to Australia a few weeks ago. I was thinking that this would be fine. As it turns out she had one of the thickest accents I've ever heard. She was not from Australia. Fortunately she went on leave part way into my case (which was good because all I ever got from her was form letter replies, nothing helpful). So I requeued on a Friday. I got an engineer from SJC. That Monday he sent me some more info and then also went on leave. So I requeued for a 3rd time. That engineer was very helpful and we managed to resolve the issue. He went on leave as the case was wrapping up. I wish I worked at Cisco and had all that PTO! :-) Steve and everyone else: when you feel like you're getting the run-around from TAC (it happens from time to time, even with the best of engineers) you need to ask for the Duty Manager. If the TAC engineer won't connect you with that person or doesn't know who it is grab another phone and call back into Cisco. Give the case dispatch person your SR and ask for the Duty Manager. Explain what you think is going off track with the case and what you feel would be the appropriate way to proceed. They should be able to help; it's their job. I've had to involve the Duty Manager a couple times on highly complex issues that involved multiple technologies. For example I'm calling in about an IPSec SPA issue in a 7600 and because it's a 7600 I got routed to the switching group. I need people from both groups and then some to effectively troubleshoot the problem. After a few hours of the switching person beating on the problem it was clear to me that he didn't have the skills needed to troubleshoot the IPSec SPA. Unfortunately he didn't want to involve the other group. I didn't have time to wait for him to come to the same realization that I had so I had the Duty Manager do it for him. The VPN Specialist that they got on the phone was extremely helpful in troubleshooting the problem. We'd have hours waiting on the switching guy to escalate the problem if I hadn't escalated the case to the duty manager. Sometimes we engineers are reluctant to ask for help. On the whole I usually have good luck when I call TAC. Here lately I haven't had as good of luck but usually it's not a problem. The engineer frequently leads me to discover what the problem is; I just needed someone to bounce ideas off of and talk the problem out. Occasionally I'll get an excellent engineer who is extremely deep in the technology at hand and he quite literally schools me. That happens far less often I'm afraid. Justin PS== Ask for the Duty Manager ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten me on this?
On Sun, Sep 20, 2009 at 6:33 PM, William McCall william.mcc...@gmail.comwrote: I would advise you to make sure to fill out the eval among other things. This is a situation where I'd put all 1's. Make sure to put in the comments too. I've been told the bingo scores apply only to the TAC engineer. Giving him a bad score because of management decisions that he had no control over seems unfair. I want something that lets me rate how well Cisco handled the case - not just how well the engineer handled the case. Lee Those evals (known as BINGOs internally) are a big deal and may help you with getting some motion. Of course, follow up with your AM and see what they can do. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten meon this?
Ask your account team to sign you up for the Walker Survey. That's what it's for and you can say whatever you want. Typically you get to review every aspect of your service with Cisco in the yearly version although they have different versions they do send out that may specifically reference one part of your service i.e. Advanced Services contract, sales engineer, etc. HTH -Will - Original Message - From: Lee ler...@gmail.com Sent: Mon, September 21, 2009 10:06 Subject:Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten meon this? On Sun, Sep 20, 2009 at 6:33 PM, William McCall william.mcc...@gmail.comwrote: I would advise you to make sure to fill out the eval among other things. This is a situation where I'd put all 1's. Make sure to put in the comments too. I've been told the bingo scores apply only to the TAC engineer. Giving him a bad score because of management decisions that he had no control over seems unfair. I want something that lets me rate how well Cisco handled the case - not just how well the engineer handled the case. Lee Those evals (known as BINGOs internally) are a big deal and may help you with getting some motion. Of course, follow up with your AM and see what they can do. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten meon this?
You guys are starting to frighten me. I've got 6500s running H4, I1 and I2, and it's hard for me to say which of any of the releases are any good - meanwhile, the TAC is busy chasing down why they're randomly corrupting my NAT tables. (I finally got a full capture of the incident where very clearly the 6500 had confused packets associated with one NAT flow with another flow, resulting in packets from one TCP session getting sent to another host and other packets going to the right internal destination with a src of another internal host. Nice. It only happens once every 2-3 weeks tho!) I wanted SXI for something, I can't remember what - maybe I should have stayed back at SXF8. :( the specific bug that caused my issue is *CSCta02715* Now, I find it scary that a command element related to logging could take down an array of 6500's. Furthermore, we had been running the SXH5 code with the logging count command element enabled on two of the four core switches for 30 days (the code had actually been running for three months+) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten me on this?
On Monday 21 September 2009 10:45:43 pm Steven Fischer wrote: the specific bug that caused my issue is *CSCta02715* Many thanks, and best of luck moving forward. Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 7600-ES20 L2 and L3 Multiplexing
Hello group, I have a ES20 interface configured with L2 services via the service instance command. Now i would like to add L3 services to the same physical interface but i noticed a problem with IPv6: 7600# 7600#conf t Enter configuration commands, one per line. End with CNTL/Z. 7600(config)#! 7600(config)#interface GigabitEthernet3/0/0.200100 7600(config-subif)# encapsulation dot1Q 200 second-dot1q 100 7600(config-subif)# ip address 20.20.20.254 255.255.255.0 7600(config-subif)# ipv6 address 2001:20::2/64 ^ % Invalid input detected at '^' marker. 7600(config-subif)#ipv6 ? % Unrecognized command 7600(config-subif)# After removing all the service instance entries, the IPv6 command was accepted. Is this a known limitation ? I saw the same problem with 12.2(33)SRC2 and 122-33.SRD2a. Thanks. Regards, Antonio Soares, CCIE #18473 (RS) amsoa...@netcabo.pt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten meon this?
Hi, I wanted SXI for something, I can't remember what - maybe I should have stayed back at SXF8. :( :-) SXF was, in the main, quite good. we had to move because of feature support etc only being in the latest trains. SXI because of longterm support (which SXH doesnt have)usually the bugs were small annoyances (maybe oversimplistic - but these latest issues seem to be big big show stoppers :-( ) alan ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Split T1's on Channelized DS3 card
I've got a few customers on T1's that are split for data and voice. These T's are currently coming in on a standard T1 serial card in a 7513 chassis. I'm trying to move them to a channelized DS3 card. I've got the channel groups split and setup as needed but the T1 never comes up. Anyone know if this is this a limitation to the channelized DS3 card or should this configuration work as expected? Thanks. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten meon this?
Steve, I have been through all that you mention myself. That being said, I have had very good luck in requesting TAC in Mexico or Australia for late night escalation assistance. *WARNING horrible generalization to follow* - I have had very good luck with the skill sets found in both places. YMMV. My TAC approach- When the first TAC guy tells me to send a show tech while it and other relevant pieces of info are attached to the case, I immediately close the case and re-open it. This way I can roast the guy on the survey. Sadly, If it gets escalated/transferred I cannot selectively rate each person on the case, so as a workaround this is how I get my two cents in. Mike ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Split T1's on Channelized DS3 card
Todd wrote: I've got a few customers on T1's that are split for data and voice. These T's are currently coming in on a standard T1 serial card in a 7513 chassis. I'm trying to move them to a channelized DS3 card. I've got the channel groups split and setup as needed but the T1 never comes up. Anyone know if this is this a limitation to the channelized DS3 card or should this configuration work as expected? We do TDM voice (i.e. DS0s 1-12 are for POTS lines) and data (i.e. DS0s 13-24 are in a channel-group for Serial1/2/3/4:5) all day long. We have a DACS upstream of our 7206/7507s that splits the voice and data at the CO, and we use Adtran CPE to handle the far end. Nothing fancy needed on our routers to do this. cont T3 X/Y/Z t1 A chan B tim C-D ! int SerialX/Y/Z/A:B description this is a T1 ip addr 10.10.10.10 255.255.255.252 ! ip route 10.20.30.0 255.255.255.0 sX/Y/Z/A:B ! end pt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Comparison of T3 and T1 PAs?
Does anyone know of a good article, table or chart that compares the various T3 and T1 PA options? I've found a variety of docs but nothing of them giving a clear and concise list of differences between the PAs (features, chassis support, NPE support, etc). PA-T3 PA-T3+ PA-MC-T3 PA-MC-T3+ PA-MC-T3-EC PA-8T PA-MC-8DSX1 PA-MC-8T1 PA-MCX-8TE1-M I found this doc on the T1s which helped a little but not much. http://www.cisco.com/en/US/docs/interfaces_modules/port_adapters/install_upgrade/multichannel_serial/multichannel-dsi.pri_install_config/3525over.html I've found all sorts of docs on the DS3s but again nothing terribly concise or a clear-cut comparison between the different models. For example I know that the PA-MC-T3-EC can do MLPPP in hardware but not on the PA-MC-T3+. We bought the EC model for our T1 delivery service on 7200s (G2) but is it really needed? A fully-loaded 7200 with PA-MC-2T3-EC modules only puts 12 DS3s in a chassis. At full line-rate that's just shy of the throughput limit on a G1 and still half that of our G2. Now I'm sure if all our DS1s were in MLPPP bundles that this would certainly add load to the CPU but we're 25/75 CC DS1s and MLPPP bundles at this point. I could probably buy used PA-MC-T3 cards and do what I need if only I knew what the feature differences were. One thing I need to know is on which T1 PAs is MLPPP supported. I need to know if MPLS (core-facing) would be supported on a bundle of T1s. I need to know which DS3 modules support core-facing MPLS. I have an application that requires me to place a PE at a customer site to drop Internet and private WAN service and connect to it via T1s. I've contemplated ISRs and MFT VWICs and HWICs. I'm also looking at used 7200s which uses T1 PAs or a M13 and a used DS3 PA. I can come up with the 7200 solution far cheaper than the ISR and new MFT solution. Unfortunately I'm not terribly familiar with older DS1/DS3 PAs or NPEs or controller cards prior to the G1. So, does anyone know of a good comparison between the assorted DS1/DS3 PAs? Thanks Justin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Comparison of T3 and T1 PAs?
Justin Shore wrote: Does anyone know of a good article, table or chart that compares the various T3 and T1 PA options? I've found a variety of docs but nothing of them giving a clear and concise list of differences between the PAs (features, chassis support, NPE support, etc). PA-T3 PA-T3+ PA-8T These PAs, without -MC in the model, deal with their ports as a single interface. In other words, if you insert a PA-8T into a 7206 in slot 6, I'd anticipate Serial6/0 through Serial6/7 showing up in your config. PA-MC-8DSX1 PA-MC-8T1 PA-MCX-8TE1-M PA-MC-T3 PA-MC-T3+ PA-MC-T3-EC These PAs, with -MC in the model, are channelized (Multi Channel), and can (must?) deal with their ports as multiple channel groupings, each of which presents itself as a Serial interface once configured. I've found all sorts of docs on the DS3s but again nothing terribly concise or a clear-cut comparison between the different models. For example I know that the PA-MC-T3-EC can do MLPPP in hardware but not on the PA-MC-T3+. Correct. The PA-MC-T3+ depends on the system CPU for MLPPP. AFAIK, the system CPU still handles the basic PPP duties, thereby negating some of the redundancy features that you'd hope/expect in a 7500. We bought the EC model for our T1 delivery service on 7200s (G2) but is it really needed? A fully-loaded 7200 with PA-MC-2T3-EC modules only puts 12 DS3s in a chassis. At full line-rate that's just shy of the throughput limit on a G1 and still half that of our G2. Now I'm sure if all our DS1s were in MLPPP bundles that this would certainly add load to the CPU but we're 25/75 CC DS1s and MLPPP bundles at this point. I could probably buy used PA-MC-T3 cards and do what I need if only I knew what the feature differences were. We converted a POP from 7507/RSP4/VIP2-50s to 7206/NPE-225, with one PA-MC-2T3+. One T3 had fractional T1s on it (about 3/4 full), the other T3 had full T1s on it (about 3/4 full), with three MLPPP groups totaling about 10 T1s. We saw CPU around 20-35%, which had me a little worried. It's held steady in proportion to MLPPP traffic, so I've been OK. I had an internal policy to limit 7206/7507s to no more than two PA-MC-2T3, for stability and config size, which should have kept the 7206 CPU down sufficiently for us. One thing I need to know is on which T1 PAs is MLPPP supported. I need to know if MPLS (core-facing) would be supported on a bundle of T1s. I need to know which DS3 modules support core-facing MPLS. MLPPP should be supported with most IOS, as long as you keep the bundle on a single PA. Core-facing MPLS on MLPPP is going to be a problem. You may want to search the archives for a post from Rodney Dunn on this particular topic. He mentioned that it definitely wasn't supported under 12.0(27)S, and I knew we were running it on that 12.0(27)S5. I checked my routers, and found that VIP CPU on the relevant boxes was pegged at 99% since a recent topology change, and was impacting packet forwarding heavily over that path. That link was going away anyway, so we torpedoed it that night. pt ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IOS for 7206VXR, SRD2a or SRC4?
Not to ask a dumb question, but... What is the point of the 12.2SR train, vs 12.4/12.4T? Besides internal Cisco infighting over who-knows-what in the 7600/6500 split? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Cisco TAC issues - can someone from Cisco enlighten meon this?
Oh, you are not alone! Greg Ferro has defined it: http://etherealmind.com/network-dictionary-tacrathon/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] WIC-T1 total output drops?
Hi there, On a recently T1 PtP deployment, I noticed that one end is getting a high number of ³Total output drops². 51 in the last 24 minutes. No other errors or abnormalities on this one side, and the other side is at 0. What could cause this? My T1 debugging skills are still in novice mode. Is this something that I need to be concerned with or am I overly paranoid? Currently, not a ³whole lot of² traffic is going over this link; but I did setup the QoS for that ³just incase². Serial0/0 is up, line protocol is up Hardware is PQUICC with Fractional T1 CSU/DSU Internet address is nn.nn.nn.nn/30 MTU 1500 bytes, BW 1536 Kbit, DLY 2 usec, reliability 255/255, txload 3/255, rxload 1/255 Encapsulation HDLC, loopback not set Keepalive set (10 sec) Last input 00:00:06, output 00:00:00, output hang never Last clearing of show interface counters 00:24:03 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 51 Queueing strategy: Class-based queueing Output queue: 0/1000/64/51 (size/max total/threshold/drops) Conversations 0/12/256 (active/max active/max total) Reserved Conversations 0/0 (allocated/max allocated) Available Bandwidth 384 kilobits/sec 30 second input rate 6000 bits/sec, 6 packets/sec 30 second output rate 24000 bits/sec, 6 packets/sec 27702 packets input, 3869862 bytes, 0 no buffer Received 168 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 37788 packets output, 33192561 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out 0 carrier transitions DCD=up DSR=up DTR=up RTS=up CTS=up --- Serial0/0 Service-policy output: VOIP Class-map: VOIP (match-any) 15111 packets, 3175756 bytes 30 second offered rate 3000 bps, drop rate 0 bps Match: access-group 11 15111 packets, 3175756 bytes 30 second rate 3000 bps Queueing Strict Priority Output Queue: Conversation 264 Bandwidth 50 (%) Bandwidth 768 (kbps) Burst 19200 (Bytes) (pkts matched/bytes matched) 1832/387269 (total drops/bytes drops) 0/0 Class-map: class-default (match-any) 39495 packets, 42393526 bytes 30 second offered rate 188000 bps, drop rate 0 bps Match: any Queueing Flow Based Fair Queueing Maximum Number of Hashed Queues 256 (total queued/total drops/no-buffer drops) 40/51/0 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Out of order queuing
Hello, We have a customer with load-balanced path to us. TCP throughput is affected by some out-of-order packets, and we were looking for a way to queue the interface in order to try and mitigate this. Is it possible to use any queueing mechanism to re-order packets received from this customer before transmitting them, even at the cost of latency?! I tried experimentation with CBWFQ with little to no success. Any tips? Thanks, C. Flav ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Out of order queuing
chris.f...@yahoo.ca wrote: Hello, We have a customer with load-balanced path to us. TCP throughput is affected by some out-of-order packets, and we were looking for a way to queue the interface in order to try and mitigate this. Is it possible to use any queueing mechanism to re-order packets received from this customer before transmitting them, even at the cost of latency?! I tried experimentation with CBWFQ with little to no success. Any tips? Is a different load balancing algorithm possible here? Perhaps flow-based load-balancing instead of packet-based would solve the problem. Less throughput achieved per flow but it should balance itself out when you factor in all the other flows. Plus no out-of-order packets. Justin ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Out of order queuing
Is a different load balancing algorithm possible here? Perhaps flow-based load-balancing instead of packet-based would solve the problem. Less throughputachieved per flow but it should balance itself out when you factor in all the other flows. Plus no out-of-order packets.Justin Hello, Unfortunately the point of this load balancing is to allow more throughput per flow. There is actually more throughput possible, however a good amount (20-30%) is not available with 2 paths, and almost no gain whatsoever is made when a third path is added. Is there no queueing mechanism that can mitigate this that we could apply on the interface facing us? C. Flav ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Help with QoS
Hi James, On Tue, Sep 22, 2009 at 7:22 AM, james edwards lists.james.edwa...@gmail.com wrote: This is on the 2811, I get this error: I/f GigabitEthernet0/2/0 class class-default requested bandwidth 50%, available only 25% You're getting this message because, by default, IOS enforces an administrative limit of 75% of total interface bandwidth (as specified with the 'bandwidth' command) for allocation to classes. When applying this service policy to this interface (20 mgs commited): interface GigabitEthernet0/2/0 bandwidth 2 service-policy out ALBD-SHAPE [...] I am trying a allocate 50 % (10 megs) to the storserv and the rest to the default class. Try it again after putting max-reserved-bandwidth 100 on Gi0/2/0. cheers, Dale ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Help with QoS
Hi James, I/f GigabitEthernet0/2/0 class class-default requested bandwidth 50%, available only 25% I am trying a allocate 50 % (10 megs) to the storserv and the rest to the default class. By default you can only allocated up to 75% of the link bandwidth for QOS policies, the rest is reserved for headroom. You can use the command max-reserved-bandwidth on an interface to change this to a higher percentage value. Regards, Joseph ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Router logs going to dmesg
Thanks John. Your suggestion did the trick. Much appreciated. Cheers. Andy -Original Message- From: John Kougoulos [mailto:k...@intracom.gr] Sent: Monday, 21 September 2009 6:03 PM To: Andy Saykao Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Router logs going to dmesg Hello, somewhere at the start of syslog.conf you will see something like: *.err /dev/sysmsg *err;kern.debug/var/adm/messages *.alert;kern.err operator etc. change it to something like: *.err;local0.none /dev/sysmsg *err;kern.debug;local0.none /var/adm/messages etc. and then pkill -1 syslogd Regards, John On Mon, 21 Sep 2009, Andy Saykao wrote: Hi All, I'm trying to send cisco logs to a syslog server running Solaris 9. It's logging fine except that I'm seeing some logs showing up in dmesg. Example of a dmesg outout: Sep 21 13:44:16 [172.16.9.18.224.173] 3297: Sep 21 13:44:15.981 AEST: %LINK-3-UPDOWN: Interface GigabitEthernet0/45, changed state to down Sep 21 13:44:21 [172.16.9.18.224.173] 3298: Sep 21 13:44:20.956 AEST: %LINK-3-UPDOWN: Interface GigabitEthernet0/45, changed state to up Sep 21 13:48:38 agr1-cr-loopback-0.x.x.x 315047: Sep 21 13:48:37.756 AEST: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 83.143.128.1 I've tried changing the facility to local0.info on the cisco devices but still the same thing is happening. Is there a particular facility I should be using so the logs don't appear in dmesg??? This was the only thing I could find on goggle about my problem but no real solution. http://www.velocityreviews.com/forums/t34315-which-facility-is-best-fo r- logging-to-linux-syslog.html This is my /etc/syslog.conf file. # Log cisco routers local0.info /var/log/cisco.log And my config on the routers. logging facility local0 logging source-interface Loopback0 logging 210.15.210.x Thanks. Andy This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the organisation. Finally, the recipient should check this email and any attachments for the presence of viruses. The organisation accepts no liability for any damage caused by any virus transmitted by this email. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Enhanced download procedure
On 9/18/09 5:59 AM, Eric Van Tol wrote: My impression is that they take their feedback from customers that don't use the Cisco site all that often and are caught up in the mythical Web 2.0 garbage that keeps infecting the internet. Except that, in Cisco's case, it's Web 2.0(45a)SXB12b. And it doesn't actually work. What's amazing is that after several tries to get the stoopid thing to work, I still had to rename the files (with the embedded backslashes mentioned before). Clearly, they didn't test on any platform other than Oscar Bauer's Windows XP machine. That's such a fundamental violation of any interoperability standard that it's laughable. Anyway, the reason I had to download the image I was downloading was to see if it actually supported the WS-6324-MM card for the 6500. See, the release notes all say that all versions of 12.2(33)SXH and 12.2(33)SXI are supposed to support this card, but of course they don't (they were supposed to stop supporting the WS-6324-SM card but someone apparently screwed up and stopped supporting both cards). Cisco fixed the problem so that the IOS no longer powers down the card as unsupported. It happily identifies the card and allows it to consume power, but it won't let you configure the interfaces, nor will it forward traffic, etc. My general experience today makes me wonder if Cisco has any idea what the word support means anymore. michael ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Enhanced download procedure
On Sep 21, 2009, at 9:51 PM, Michael Sinatra wrote: On 9/18/09 5:59 AM, Eric Van Tol wrote: My impression is that they take their feedback from customers that don't use the Cisco site all that often and are caught up in the mythical Web 2.0 garbage that keeps infecting the internet. Except that, in Cisco's case, it's Web 2.0(45a)SXB12b. And it doesn't actually work. What's amazing is that after several tries to get the stoopid thing to work, I still had to rename the files (with the embedded backslashes mentioned before). Clearly, they didn't test on any platform other than Oscar Bauer's Windows XP machine. That's such a fundamental violation of any interoperability standard that it's laughable. I talked to Oscar, while I do agree with the image that you paint, he also claimed that there was testing on more than 1 platform/OS. I don't know how broad this is, but you should continue to make your feedback well known. You can have your SE send him an email as well as those in his mgmt chain if you do not feel his responses were good enough for your needs. I honestly think he is going to address this issue. I think the workaround process of opening a TAC case for each image you want to download will help keep this process at the forefront of the radar on the support org. Also, if you got the Walker Survey, make sure your sales rep understands the impact this has on your responses. Their bonus is impacted based on this response. - Jared ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/